Comodo hacker: I hacked DigiNotar too; other CAs breached

The hacker behind this year's Comodo hack has claimed responsibility for the …

The hack of Dutch certificate authority DigiNotar already bore many similarities to the break-in earlier this year that occurred at a reseller for CA Comodo. Bogus certificates were issued for webmail systems, which were in turn used to intercept Web traffic in Iran. Another similiarity has since emerged: the perpetrator of the earlier attacks is claiming responsibility for the DigiNotar break-in.

Calling himself ComodoHacker, the hacker claims that DigiNotar is not the only certificate authority he has broken into. He says that he has broken into GlobalSign, and a further four more CAs that he won't name. He also claimed that at one time he had access to StartCom.

The statement did not provide any specific details about how the hack was performed, offering only a high-level description of some of the things he did: he found passwords, used 0-day exploits, penetrated firewalls, and bypassed the cryptographic hardware that DigiNotar was using to gain remote access to machines. He said that a more detailed explanation would follow, when he had the time, and that it would serve as useful guidance for Anonymous and LulzSec. While lacking in detail, the hacker did include an Administrator-level username and password apparently used on DigiNotar's network. DigiNotar has not confirmed the authenticity of this information.

As with the statements issued after the Comodo hack, the DigiNotar statement was clear about one thing: the sophistication of the hack and the great skill it took.

ComodoHacker also justifed his attack on the Dutch certificate authority by blaming the Dutch for the murder of 8,000 muslims at Serbian hands in Srebrenica; "It's enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government."

Meanwhile, the fallout from the hack continues. DigiNotar has, in effect, lost its status as a trusted root certificate authority. Its certificates have been blacklisted by Microsoft, Google, Mozilla, and Apple.

This is having some significant consequences for Dutch Internet users. Certificates issued by DigiNotar are used by the Dutch government, forcing the government to warn that it can no longer ensure the integrity of secure connections to its own websites. The government is now overseeing DigiNotar's operations as the certificate authority attempts to learn the full scope of the attacks. Since taking over, the government has issued a list of more than 500 fradulent certificates issued by DigiNotar.

Among these are certificates for *.*.com and *.*.org, which would allow someone in possession of the certificates to perform man-in-the-middle attacks for almost any site with a .com or .org domain—a far wider problem than initially assumed. The Tor Project has also discovered some unusual text in one of the certificates. It contains a number of phrases written in Farsi, which translate as "great cracker," "I will crack all encryption," and "I hate/break your head." This alludes to ComodoHacker's statement about the Comodo hack, in which he claimed to be able to break strong encryption.

There's also increasing evidence that the certificates were used widely within Iran. Trend Micro's Smart Protection Network collects many kinds of data, including domain name lookups. Over the past few weeks, the number of Iranian systems looking up DigiNotar's validation.diginotar.nl domain was far higher than normal, until it abruptly dropped on August 30th. This activity implies that with large numbers of Iranian machines were performing revocation checks on the bogus DigiNotar certificates during July and August. The abrupt stop in turn implies that traffic to validation.diginotar.nl has now been blocked within Iran.

This suggests that the number of man-in-the-middle attacks performed against Iranians was substantial, and that the attacks occurred over many weeks, making secure communication insecure for all those within Iran. After the Comodo hack, ComodoHacker made clear that he was deliberately acting to thwart anti-government dissidents within Iran. In spite of his criticism of the Dutch, the true target remains the Iranian people.

The implications for the certificate authority system remain uncertain. Both the Comodo and DigiNotar hacks demonstrate the considerable, and well-known, problems with the current system: certificates from a trusted authority are accepted unconditionally, and there are many such authorities, and their integrity cannot be assured. DigiNotar compounded the problems by being far from forthcoming about the nature and extent of the hack, a situation that has only improved since the Dutch government got involved. In contrast, Comodo was quick to notify browser vendors to notify them of the problem.

There are proposals such as DNSSEC, to make domain name information secure; CAA records, to allow DNS to denote that a domain should only accept certificates issued by particular certificate authorities; and DANE, to allow dissemination of certificates over DNS, that would go some way toward preventing similar attacks in the future. There are also systems that move away from absolutely trusted certificate authorities in favor of consensus-based trust. Such systems would both make it harder to perform man-in-the-middle attacks, and reduce the impact of certificate authority compromises. However, little action has been taken to make these systems a practical reality, as both require substantial changes to be made to the way DNS and certificates are issued and used.

A number of browser-based stopgap solutions are being devised to partially fill this gap. Certificate Patrol for Firefox provides alerts if a certificate has changed unexpectedly, which would reveal the use of fraudulent certificates. Convergence, also for Firefox, provides a kind of decentralized trust system instead of a fixed list of certificate authorities. Chrome's HTTPS pinning feature means that Chrome will only accept certificates issued by certain certificate authorities when visiting Google domains. This provides a kind of Google-specific, Chrome-specific equivalent to the CAA DNS proposal.

While these browser-based systems can protect users, they don't obviate the need for a more substantial overhaul of the entire certificate system. The DigiNotar hack demonstrates the need for change, but with considerable vested corporate interests in the current system—not to mention massive entrenchment—it could be a long time coming.